Monday, 14 August 2017

VMWare Tools

Once you are done setting Kali Linux with VMWare, there is still stuff that you might want to do.
Note: This article assumes that you have basic knowledge about linux cli and have already installed kali linux. If not, read this article about installing kali linux and getting acquainted to command line interface.

Should you decide to create your own VMware installation of Kali Linux rather than using the  pre-made VMware images available at Kali Linux official site, you will need to follow the instructions below in order to successfully install VMware Tools in your Kali installation. You can opt to install either open-vm-tools, or the native VMWare tools.

Installing open-vm-Tools

This is probably the easiest way to get “VMWare tools” functionality inside a kali VMWare guest.
apt-get install open-vm-tools

This should be sufficient, but if you are feel that this was way too easy, then you are up for an adventure. Without knowledge of cli, what follows might look like a nightmare.

Installing VMware Tools in Kali

If open-vm-tools does not work for you, or if you prefer using native VMWare tools, begin by installing some packages that are required by the VMware Tools installer:
echo cups enabled >> /usr/sbin/update-rc.d
echo vmware-tools enabled >> /usr/sbin/update-rc.d

apt-get install gcc make linux-headers-$(uname -r)
ln -s /usr/src/linux-headers-$(uname -r)/include/generated/uapi/linux/version.h /usr/src/linux-headers-$(uname -r)/include/linux/
Next, mount the Vmware tools ISO by clicking “Install VMware Tools” from the appropriate menu. Once the VMware Tools ISO has been attached to the virtual machine, we mount the drive and copy the VMware Tools installer to /tmp/.
mkdir /mnt/vmware
mount /dev/cdrom /mnt/vmware/
cp -rf /mnt/vmware/VMwareTools* /tmp/
Then, change directory to /tmp/, extract the tarball and start the installer:
cd /tmp/
tar zxpf VMwareTools-*.tar.gz
cd vmware-tools-distrib/
./vmware-tools-install.pl
Follow the prompts for the VMware Tools installation and you are done.
Lastly, to get rid of possible VMWare service errors, edit the /etc/init.d/vmware-tools script, and at around line 876, change:
 # POSIX shell uses '!' for negation during bracket expansion.
   # See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
   IFS=.
   set -- `uname -r`
to :
 # POSIX shell uses '!' for negation during bracket expansion.
   # See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
   IFS=.
   set -- `uname -r|cut -d"-" -f1`
Once changed, proceed to restart the VMWare tool service.

Slow Mouse Movement in VMware

If your mouse movement is slow and sluggish in a Kali Linux VMware guest, try installing the xserver-xorg-input-vmmouse package in the Kali guest.
apt-get install xserver-xorg-input-vmmouse
reboot

Posted by at No comments:

Wifi Hacking - WEP - Kali Linux Aircrack-ng suite

Alright, this post is written assuming you have Kali Linux up and running on your computer. If not, here is a post on hacking with kali linux. It will tell you about what Kali Linux is, and how to use it. It will guide you through installation process.
So if you are still following, then just follow these simple steps-

Firstly, create a wireless network to crack. Don't use this method on others. It is illegal. Then proceed with the steps below.


1. Find out the name of your wireless adapter.

Alright, now, your computer has many network adapters, so to scan one, you need to know its name. So there are basically the following things that you need to know-
  • lo - loopback. Not important currently.
  • eth - ethernet
  • wlan - This is what we want. Note the suffix associated.
Now, to see all the adapters, type ifconfig on a terminal. See the result. Note down the wlan(0/1/2) adapter.




2. Enable Monitor mode

Now, we use a tool called airmon-ng to  create a virtual interface called mon. Just type 
airmon-ng start wlan0
 Your monitoring interface will be created - mon0 in case of Kali 1.x, wlan0mon in all other cases. 



3. Start capturing packets

Now, we'll use airodump-ng to capture the packets in the air. This tool gathers data from the wireless packets in the air. You'll see the name of the wifi you want to hack. For kali 2.0 or rolling, replace mon0 with wlan0mon
airodump-ng mon0


4. Store the captured packets in a file 

This can be achieved by giving some more parameters with the airodump command. For Kali 2.0 or rolling, replace mon0 with wlan0mon.
airodump-ng mon0 --write name_of_file

Now the captured packets will be stored in name_of_file.cap
You will have to wait till you have enough data (10000 minimum)
PS: Don't wait too long for this step though. Just understand how the procedure works (including the next sections), and once you are convinced you know what you are doing, proceed to the next tutorial where we use ARP replay to speed up the rate at which we gets packets. Using ARP request replay, we can get 10k packets in a few minutes.


5. Crack the wifi

If all goes well ,then you'll be sitting in front of your pc, grinning, finally you've got 10000 packets (don't stop the packet capture yet). Now, you can use aircrack-ng to crack the password. (in a new terminal)
aircrack-ng name_of_file-01.cap 
The program will ask which wifi to crack, if there are multiple available. Choose the wifi. It'll do its job. If the password is weak enough, then you'll get it in front of you. If not, the program will tell you to get more packets. The program will retry again when there are 15000 packets, and so on.

You'll get the key, probably in this format-
xx:xx:xx:xx:xx
Remove the colons
xxxxxxxxxx is the password of the wireless network

Issues?

Try this-
ifconfig wlan0 up
ifconfig wlan0 down
airmon-ng check kill
rfkill unblock all
Or this- (from Sebastian's comment below)

With the new version, the monitor is wlan0mon, and the monitor isn't working.
A solution is the commands:
ifconfig wlan0mon down
iwconfig wlan0mon mode monitor
ifconfig wlan0mon up

Source: http://stackoverflow.com/questions/32025472/airodump-ng-wlan0mon-doesnt-work

Disconnected from internet (wifi)?

Again, replace mon0 with wlan0mon for Kali 2.0 or rolling.
airmon-ng stop mon0
This is usually sufficient. If wlan0 is not up (check ifconfig or iwconfig), then do this (if you don't know what to do, then do this anyway)-
ifconfig wlan0 up
 If wifi still doesn't start, try this too
service network-manager restart

Want to try an easier method?

Use wifite, just one command required

For WPA/WPA-2

Hacking wpa/wpa-2 wps with reaver on kali linux

For Troubleshooting

The missing ingredient

This attack taking too long? Ready to go further?

Speed up WEP hacking with ARP replay attack 

WPA hacking sucks? There's an alternate way to go about it

Hacking WPA/WPA-2 without dictionary/bruteforce : Fluxion

Posted by at No comments:

Virtual Private Networks, Another Way To Ensure Privacy

Before we get to the interesting part, first a little bit introduction about what a VPN is -
Put simply, a Virtual Private Network, or VPN, is a group of computers (or discrete networks) networked together over a public network—namely, the internet. Businesses use VPNs to connect remote datacenters, and individuals can use VPNs to get access to network resources when they're not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they're using an untrusted public network. When you connect to a VPN, you usually launch a VPN client on your computer (or click a link on a special website), log in with your credentials, and your computer exchanges trusted keys with a far away server. Once both computers have verified each other as authentic, all of your internet communication is encrypted and secured from eavesdropping. (lifehacker)
 So basically, what happens here is that the data you send is protected from eavesdropping. It is encrypted in  a way that can't be decrypted easily. So, other than the two methods discussed earlier, VPN is a method to stay anonymous too.

What are the advantages of using a VPN?

  1. Your data is encrypted.
  2. No-one can eavesdrop your communications.
  3. Your privacy is ensured.
  4. You can pretend to be someone you are not (You wanna use some service which is banned in your country, VPN is the answer).
  5. You can overcome browsing restrictions imposed on you.

What makes a good VPN?

  1. Price - Hell yeah, it should be priced reasonably (did I forget to mention VPNs are not free of cost)
  2. Free? Yeah, there are some free VPNs too. They serve you ads and are more or less useless. They dont do what they promise. They are good for beginners though, who want to learn, and privacy is not much of a problem.
  3. They should use SSL. If you have no idea what this means, then, simply put, its the best protocol the VPNs use, and all others come next to SSL. (other protocols have their own pros and cons)
  4. Logging- Some VPNs log your data. Not good.
  5. Exit location - There must be a lot of them. That is, you can pretend to be a lot of people. Also, if there are very less exit locations, then it will affect browsing.

How VPNs work?

Recommended VPN

Hide me is the only popular VPN that I know of which does'nt log your data. It might be worth a try. They have a 25% discount going on as a part of their promo campaign. Take a look here if that interest's you.
Surf the Internet Anonymously and Save 25% Off! with a VPN from Hide.me. 
Posted by at No comments:

Staying Anonymous

Alright Guys, this is the first post of this blog. But I won't waste time with formalities. But before you become a hacker, you must know how to stay anonymous online. There are various levels in which this can be done
(Note: None of these methods are completely foolproof. If you are doing something illegal, then you'll go to jail. That's it.)

Tails OS

"Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly."
This is what their official website has to say about it. Actually, it is nothing but an OS that comes with all applications customized for privacy and anonymity.

How To Use
  1. Go to their official website and read the stuff there. 
  2. Download the latest version of the OS.
  3. Put it on a USB and boot.
  4. Explore the OS, and learn more about it from their documentation.
Once you are through with the documentation and have practiced enough with the OS, your identity is safe.


Tips
  1. You should have some experience with linux if you want to become a hacker. Ubuntu is good for beginners.
  2. Do not assume that you are completely anonymous. You are not.

TOR BROWSER BUNDLE

"The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.
The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained." - Official Website
If the idea of downloading a whole OS sounds boring to you, then this browser is made for you. It, however, is not as robust as tails, and its usage is limited to anonymous browsing.

    How To Use
    1. Go to their website and read the documentation.
    2. Download the latest browser bundle.
    3. Read the documentation.
    4. Install and run.
    Note:
    Browsing is annoyingly slow, since the traffic passes through three relays.

    That's all for this post. In the next post we'll talk about VPNs. Check out Hide Me VPN.


    Posted by at No comments:
    Subscribe to: Posts (Atom)